Of Stuxnet fame, there is a new fix for the LNK vulnerability in MS15-020.

It turns out the initial fix had a bug. A malicious LNK file with a link path of exactly 257 characters containing embedded unescaped spaces, and two "target" files - one with embedded unescaped spaces and one without can still execute code.